Your iPhone and iPad are in Danger

If you use Apple products, here is what to do to protect yourself. By now, you’ve probably heard that attackers have told Apple that they have access to millions of iPhone and iCloud accounts.

The hacking group calls themselves “Turkish Crime Family.” They are demanding $100,000 in gift cards, or $75,000 in cryptocurrency by April 7, or they will wipe all the Apple accounts. It is easy to see why people who have Macs, iPhones, and iPads are concerned.

Apple says that Apple has not been hacked, but it is likely that any compromised passwords are the result of Apple users who may have used the same password at other websites as they do for their Apple account.

What should you do?

Perhaps the best solution to protect all your online accounts, Apple and other companies as well, is to set up two step verification.

You may have experienced going to a website, entering your username and password, and then your mobile phone buzzes and tells you to enter a code such as 777888 to complete the login process. That’s one type of two step verification.

When you use that kind of two step verification, an attacker would need to steal your mobile phone too before they could log on with your username and password. So, keep your phone with you. It will be difficult for people, especially those thousands of miles away, to access your phone even if they already know your username and password.

Another, even easier to use method for two step verification is called one tap login. Then, instead of needing to enter a code that comes via text message, all you have to do is tap an app on your phone to approve a login attempt.

To set up two step verification to protect your Apple devices, follow the instructions you will find when you google the following text. Either use copy and paste or manually type these words into a Google search:

two factor authentication for apple id site:apple.com

Always keep your devices upgraded with the latest security patches. If you have an older iPhone or iPad that cannot be upgraded to at least iOS 9 or newer, or a Mac that cannot be upgraded to El Capitan or newer, then follow the instructions you will find when you google:

two step verification for Apple ID site:apple.com

Drobox, PayPal, Google apps, and many other sites already support two step verification. You just have to turn it on. Do it today for all of your sensitive accounts.

To set up two step verification on your Google accounts, visit www dot google dot com/landing/2step/

Another way to find that page is to google this text, including the first word google:

Google 2 step verification site:google.com

For instructions to set up two step verification at Dropbox, google this text:

enable two step verification site:dropbox.com

Use similar searches to find instructions for your other services. It is important to use the word site followed by the actual website of your service if you want to get the information straight from the service, not somewhere else.

But you may wonder what to do for all the sites that you use that do not support two step verification.

Remembering passwords is too much trouble, so many people, even non-technical people, use a password manager to remember the different passwords for them. When they visit a site that asks for a password, the password manager quickly and automatically fills in their username and password for them.

But of course, you can never feel positive that password managers will keep your passwords secure. So, separate your passwords into two groups:

Put the passwords that you need to keep really secure, such as bank passwords, into the first group. You may choose to omit those sensitive passwords from your password manager. You might choose to remember them in your head. Or if you don’t like that idea, then you can write them down on paper that you keep in a secure location. Writing them down isn’t as good as memorizing them, but at least it is difficult for people thousands of miles away to read the paper on which you wrote the passwords. Or, if you feel you must store those passwords in a file on your computer, then encrypt the file, and name the file something other than “my passwords”.

The second group of passwords contains passwords, such as airline website logins, that it will not devastate you in the unlikely event that your password manager gets compromised. The passwords in this group are great candidates for your password manager.

Many people put the vast majority of their passwords in the password manager. The automatic filling in process sure speeds up the login process. Additionally, since you needn’t remember passwords anymore, using different passwords at different sites is easy. In fact, people sometimes trust password managers with even their most sensitive passwords, but only if those sites use two step verification too.

And, for a sometimes fun/sometimes scary experience, if you want to see if your password might have been hacked, follow the instructions you will find in The Foster Institute blog when you google:

How to Find Out if Your Password Might Have Been Hacked site:fosterinstitute.com

Please forward this to anyone you know who uses Apple devices, as well as anyone you know who wants to make their user names and passwords much more secure.